Home GDPR – General Data Protection Regulation

GDPR – General Data Protection Regulation

Last updated: 15/07/2023

This page is controlled by ISHOP AS (Avd. QR-Kode.no) Langgata 18, 4306 Sandnes, Norway.

You can contact them via email at [email protected] or form here .

We automatically collect data through cookies we load on your device, including analyses.

We also collect the IP address from which the connection is made, the type of device used and its characteristics, operating system version, browser type, language, date, country, time of request, the URL you come from, the URL you go to, or the mobile network used , among other things.

The user voluntarily gives us information such as name, e-mail or card details in order to contact us, sign up for the service or buy a subscription.

The service will, among other things, use the collected data to manage and update the service, respond to requests, send you our newsletter and promotional offers via e-mail.

We also manage your registration on the Platform, manage and provide services related to your subscription, process payments you make and issue the corresponding invoices, maintain the security of the Service, investigate illegal activities, enforce our terms and conditions, and assist government security forces and agencies in connection with their possible investigations.

The disaggregated data will be retained without a deletion period.

Customer data will be retained for the minimum necessary, and may be retained until:

5 years, according to Art. 1964 of the Civil Code (personal actions without special time limit).

6 years, according to Art. 30 of the Trade Act (accounting books or invoices, for example).

User data will be retained for a maximum period of 12 months to handle your requests.

User data uploaded by the service to pages and profiles on social networks will be retained from the moment the user gives his consent until he withdraws it.

Right of access: The affected party shall have the right to obtain confirmation from the data controller that personal data concerning him or her are being processed.

Right to rectification: the affected party shall have the right to obtain, without undue delay, from the data controller the rectification of personal data that is incorrect and that directly affects him or her. In addition, the interested party will have the right to complete incomplete personal data, including by means of an additional declaration.

Right to erasure: It is the right of the affected party to obtain, without undue delay, from the data controller the erasure of the personal data concerning him.

Right to restriction of processing: consists in obtaining the restriction of the processing of your data by the person in charge, although the exercise has two aspects: 1) When you challenge the accuracy of your personal data, for a period that allows the person in charge to verify it and 2) When you have objected to the processing of your personal data by the controller based on legitimate interest or a public interest task, while the controller verifies whether these reasons take precedence over yours.

Right to data portability: It is the right of the affected party to receive the personal data concerning him, which he has provided to a data controller, in a structured format, of common use and machine reading, and to transfer them to another controller without being obstructed by the controller to whom they were given.

In this sense, the interested party will have the right to have personal data transferred directly from controller to controller when it is technically possible.

You can exercise your personal data rights at any time by sending an email to: [email protected]

Or the postal address: ISHOP AS (Avd. QR-Kode.no), Langgata 18, 4306 Sandnes, Norway. In both cases, you must identify yourself with your first and last name, as well as a copy of your ID that confirms your identity.

In addition, if you believe there is a problem with how QR-Kode.no handles your data, you can direct your claims to the corresponding data protection authority, and in the case of Norway it is the Norwegian Data Protection Authority .

The Service takes all necessary technical and organizational measures to protect the security and integrity of personal and non-personal information collected. Both against unauthorized access and accidental change, loss or destruction.

However, the Service cannot guarantee absolute security of the information collected, so you must cooperate and use common sense at all times with respect to shared information.

You understand and acknowledge that, even after deletion, personal and non-personal information may still be visible in cache or if copied or stored by other users.

We do not transfer data or international transfers. However, there are third parties that handle parts of the Service that we require to comply with our privacy policy to the extent that it is applicable to them and that they have their own.

These third parties are service providers who perform functions on our behalf, such as web hosting, analytics monitoring or web development.

Also, if we believe it is reasonably necessary to satisfy any law, legal process or legitimate interest. In all cases, we will only provide the strictly necessary information.